Saturday, April 09, 2011

Epsilon breach: the iStealer and CyberGate mystery

A marketing (legal spam) firm was hacked and a bunch of our "private" (hah!) information was stolen. We can now expect more personalized phishing attacks, since the attackers now know which companies each address does business with (yawn). We might see more identity theft, but I've read that the identity reseller market has collapsed -- perhaps because there was too much cheating going on. (This is why civilization can win -- crooks can't trust each other.)

Yawn. Another day, another semi-legal enterprise hacked. It's a boring story [1], not nearly as interesting as the far more sensitive, and far less discussed, RSA (SecurID) hack.

The story is boring, but there's a curious angle. The attack was prosaic ...

...The link in the body of the email took the user to a page that downloaded three malware programs – one that disables anti-virus software, another (iStealer) that is a Trojan keylogger to steal passwords, and a third (CyberGate) which offers hackers remote administration of the infected machine....

But the curious angle is how the attack trio are described: iStealer, CyberGate and an unnamed tool for disabling system defenses. I can't find out anything about them!

A Google search on iStealer turns up lots of hits -- but they're obviously from shady sites I wouldn't visit without a VM-constrained, self-destructing browser. The only Wikipedia hits are on Russian-language pages. In fact, as of today, this blog post is probably going to be the only legit result in many searches! (Sorry, I don't know anything.)